Thank you. Now it works. So what is needed was a single HTTP header with name Authorization and value is the comma delimited string with quoted values as shown in the example.
In other words... POST /oauth/authorize HTTP/1.1 Authorization: OAuth oauth_nonce="n7NBq1mCqoinPQzQ23FRFOo6imP5Qh7l51QMi0tlO5GnW", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1285086393", oauth_consumer_key="<my consumer key>", oauth_signature="wykLrYGLUBkiq9s3VPIXi%2FGH1bk%3D", oauth_version="1.0" Content-Type: application/x-www-form-urlencoded <other standard hdrs> x_auth_mode=client_auth&x_auth_password=twitter- xauth&x_auth_username=oauth_test_exec On Sep 21, 2:23 am, Tom van der Woerdt <i...@tvdw.eu> wrote: > First, let me start by saying that xAuth is only an extension to OAuth > and that you will have to implement OAuth as well. > > The problem with your request is that you send all oauth_* parameters as > header. That's wrong: the correct syntax is "Authorization: OAuth > oauth_nonce="nonce", oauth_signature="sig",etc" > > Tom > > On 9/21/10 2:19 AM, Gary wrote: > > > Hello, > > > I am developing a desktop application using C++ and QT. (I'm not > > using QAuth because I don't want to have to encorporate QCA and > > OpenSLL into my app.) > > > I am attempting to perform xAuth and I'm getting 400 (bad request). > > Here are the details (data taken fromhttp://dev.twitter.com/pages/xauth) > > > Base string: > > POST&https%3A%2F%2Fapi.twitter.com%2Foauth > > %2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA > > %26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo > > %26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > > %3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth > > %26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec > > > oauth_signature: > > 1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D > > > Post body: > > x_auth_mode=client_auth&x_auth_password=twitter- > > xauth&x_auth_username=oauth_test_exec > > > I sent the data to a bogus (non secure) server so I could see what was > > going out in wireshark. Below is the outgoing message. Why is this > > resulting in 400? What am I missing? (Assume this is really going to > >https://api.twitter.com/oauth/access_token) > > > POST /oauth/authorize HTTP/1.1 > > OAuth oauth_nonce: 6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo > > oauth_signature_method: HMAC-SHA1 > > oauth_timestamp: 1284565601 > > oauth_consumer_key: JvyS7DO2qd6NNTsXJ4E7zA > > oauth_signature: 1L1oXQmawZAkQ47FHLwcOV%2Bkjwc%3D > > oauth_version: 1.0 > > Content-Type: application/x-www-form-urlencoded > > Content-Length: 85 > > Connection: Keep-Alive > > Accept-Encoding: gzip > > accept-language: en,* > > User-Agent: Mozilla/5.0 > > Host: twitter.com > > > x_auth_mode=client_auth&x_auth_password=twitter- > > xauth&x_auth_username=oauth_test_exec -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en